![](/img/trans.png)
[英]Return a list of all Active Directory groups a user belongs to in string[ ]
[英]Return a list of all Active Directory application groups a user belongs to
我想列出用戶所屬的所有Active Directory應用程序組。 但我一無所獲。
謝謝你的建議。
public List<string> GetGroups(string strUserName)
{
DirectoryEntry objADAM = default(DirectoryEntry);
// Binding object.
DirectoryEntry objGroupEntry = default(DirectoryEntry);
// Group Results.
DirectorySearcher objSearchADAM = default(DirectorySearcher);
// Search object.
SearchResultCollection objSearchResults = default(SearchResultCollection);
// Results collection.
string strPath = null;
// Binding path.
List<string> result = new List<string>();
// Construct the binding string.
strPath = "LDAP://CHCAD.abc/DC=abc";
//Change to your ADserver
// Get the AD LDS object.
try
{
objADAM = new DirectoryEntry(strPath);
objADAM.RefreshCache();
}
catch (Exception e)
{
throw e;
}
// Get search object, specify filter and scope,
// perform search.
try
{
objSearchADAM = new DirectorySearcher(objADAM);
objSearchADAM.Filter = "(&(objectClass=group)(samaccountname=" + strUserName + "))";
objSearchADAM.SearchScope = SearchScope.Subtree;
objSearchResults = objSearchADAM.FindAll();
}
catch (Exception e)
{
throw e;
}
// Enumerate groups
try
{
if (objSearchResults.Count != 0)
{
foreach (SearchResult objResult in objSearchResults)
{
objGroupEntry = objResult.GetDirectoryEntry();
result.Add(objGroupEntry.Name);
}
}
else
{
throw new Exception("No groups found");
}
}
catch (Exception e)
{
throw new Exception(e.Message);
}
return result;
}
如果您使用的是.NET 3.5及更高版本,則應該查看System.DirectoryServices.AccountManagement
(S.DS.AM)命名空間。 在這里閱讀所有相關內容:
基本上,您可以定義域上下文並輕松查找AD中的用戶和/或組:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user - this will search for DN and samAccountName and display name and a few more
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, strUserName);
if(user != null)
{
// if user is found - get the groups that user belongs to
PrincipalSearchResult<Principal> authGroups = user.GetAuthorizationGroups();
List<string> groupNames = new List<string>();
foreach(Principal group in authGroups)
{
// do something with the groups - like add their name to a List<string>
groupNames.Add(group.Name);
}
}
新的S.DS.AM使得在AD中與用戶和群組玩游戲變得非常容易!
PS:否則,如果你不能切換到S.DS.AM,你應該查看我對另一個處理相同問題的StackOverflow問題的答案 。 基本上只需檢查DirectoryEntry
對象的memberOf
屬性。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.